Privacy Policy
Last Updated: May 15, 2026
The Short Version: HSA Vault is a local-first application. We do not store your receipts, medical history, or financial data on our servers. Your vault lives on your device.
This Privacy Policy explains how 42DIGITAL ("we", "us", or "our") handles your information when you use the HSA Vault mobile application (the "App"). We built this app with privacy as the foundational feature. Because we deal with health savings accounts and medical receipts, our core philosophy is: if we don't need the data, we don't collect it.
1. How We Store Your Data (Local-First)
All data you input into HSA Vault—including receipt images, merchant names, itemized lists, notes, and total amounts—is stored locally on your device's internal storage using secure mobile frameworks. We do not maintain a central database of our users' transaction history.
2. How the AI Receipt Scanner Works
When you choose to scan a receipt using our AI functionality, the following temporary process occurs:
- The receipt image is compressed locally on your device.
- The compressed image is sent securely via an encrypted connection to a proxy server operated by 42DIGITAL.
- The proxy server immediately forwards the image to our AI provider (OpenAI) to perform Optical Character Recognition (OCR) and item categorization.
- The AI provider returns the extracted text data (merchant, date, totals, items) to your device.
- Immediate Deletion: Our proxy server does not log, save, or store the image or the returned data. Furthermore, via our enterprise API agreement, OpenAI is strictly prohibited from using your receipt images or data to train its machine learning models.
3. Device Permissions
The App requests the following device permissions to function properly:
- Camera: Required to take live photos of your medical receipts.
- Photo Library: Required to select existing receipt images from your camera roll.
You may revoke these permissions at any time in your device's settings, though this will limit the App's ability to scan new receipts.
4. Analytics and Crash Reporting
To improve the App's stability, we may collect anonymous, aggregated crash reports (e.g., what type of device crashed and on what screen). These reports never contain your receipt data, medical information, or personal identifiers.
5. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Because we do not collect user emails for account creation, it is your responsibility to review this policy periodically.
6. Contact Us
If you have any questions or concerns about this Privacy Policy or how your data is handled, please reach out to us at:
Website: HSA Vault Support Center
Company: 42DIGITAL